From 9f8cdc94399138f600222ad6703eaa31c3a25539 Mon Sep 17 00:00:00 2001
From: Gregor Kleen
Date: Sun, 16 Mar 2025 18:00:23 +0100
Subject: ...
---
 accounts/gkleen@sif/ssh-hosts.nix | 67 ++++++++++++++++++++++++---------------
 1 file changed, 41 insertions(+), 26 deletions(-)
(limited to 'accounts/gkleen@sif/ssh-hosts.nix')
diff --git a/accounts/gkleen@sif/ssh-hosts.nix b/accounts/gkleen@sif/ssh-hosts.nix
index 871b7350..44dc27f5 100644
--- a/accounts/gkleen@sif/ssh-hosts.nix
+++ b/accounts/gkleen@sif/ssh-hosts.nix
@@ -1,6 +1,11 @@
 { lib, pkgs, ... }:
 let
- autosshProxy = port: "${lib.getExe pkgs.socat} - SOCKS4A:127.0.0.1:%h:%p,socksport=${toString port}";
+ autosshProxyPorts = {
+ "ssh.math.lmu.de" = 8118;
+ "mathw0h" = 8122;
+ "mathw0e" = 8124;
+ };
+ autosshProxy = host: "${lib.getExe pkgs.socat} - SOCKS4A:127.0.0.1:%h:%p,socksport=${toString autosshProxyPorts.${host}}";
 in {
 "git.ymir" =
 { hostname = "ymir.yggdrasil.li";
@@ -292,15 +297,15 @@ in {
 };
 "mathw0d" =
 { hostname = "mathw0d.mathinst.loc";
- proxyCommand = autosshProxy 8122;
+ proxyCommand = autosshProxy "mathw0h";
 };
 "mathw0e" =
 { hostname = "mathw0e.mathinst.loc";
- proxyCommand = autosshProxy 8122;
+ proxyCommand = autosshProxy "mathw0h";
 };
 "mathw0f" =
 { hostname = "mathw0f.mathinst.loc";
- proxyCommand = autosshProxy 8122;
+ proxyCommand = autosshProxy "mathw0h";
 };
 "mathw0g" =
 { hostname = "mathw0g.mathinst.loc";
@@ -319,7 +324,17 @@ in {
 };
 "proxy.mathw0h" =
 { hostname = "mathw0h.mathinst.loc";
- # proxyJump = "proxy.ssh.math.lmu.de";
+ proxyCommand = autosshProxy "ssh.math.lmu.de";
+ extraOptions = {
+ ControlPath = "none";
+ ExitOnForwardFailure = "yes";
+ ServerAliveCountMax = "15";
+ ServerAliveInterval = "2";
+ };
+ };
+ "proxy.mathw0e" =
+ { hostname = "mathw0e.mathinst.loc";
+ proxyCommand = autosshProxy "mathw0h";
 extraOptions = {
 ControlPath = "none";
 ExitOnForwardFailure = "yes";
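Review bot: The `autosshProxyPorts` table added in the `@@ -1,6 +1,11` hunk carries no comment on what its keys mean or where the numbers come from. The keys appear to name the host each tunnel terminates on rather than the host being reached, and the ports presumably have to match SOCKS listeners set up outside this file, which is not visible here. I would put `# local SOCKS port of the tunnel that ends on each host; keep in sync with the tunnel setup` above the table. A misspelled host name fails at evaluation with a missing-attribute error, which is a good failure mode and worth preserving if a default is ever added.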
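Review bot: In the `@@ -319,7 +324,17` hunk the same `extraOptions` set (`ControlPath`, `ExitOnForwardFailure`, `ServerAliveCountMax`, `ServerAliveInterval`) is now written out for `proxy.mathw0h` and again for the new `proxy.mathw0e`, so the two tunnel hosts can drift apart silently. Binding the set once in the `let` block and using `extraOptions = tunnelOptions;` in both entries would keep them identical. The `proxy.mathw0e` entry continues past the end of the hunk, so I am assuming its remaining options match the ones shown. It is also worth a comment that `proxy.mathw0e` now depends on the `mathw0h` tunnel, which in turn depends on the `ssh.math.lmu.de` one.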
@@ -329,7 +344,7 @@ in {
 };
 "vrt-kvm06" =
 { hostname = "vrt-kvm06";
- proxyJump = "mathw0e";
+ proxyCommand = autosshProxy "mathw0e";
 user = "root";
 extraOptions = {
 PasswordAuthentication = "yes";
@@ -338,7 +353,7 @@ in {
 };
 "vrt-kvm05" =
 { hostname = "vrt-kvm05";
- proxyJump = "mathw0e";
+ proxyCommand = autosshProxy "mathw0e";
 user = "root";
 extraOptions = {
 PasswordAuthentication = "yes";
@@ -347,7 +362,7 @@ in {
 };
 "vrt-kvm04" =
 { hostname = "vrt-kvm04";
- proxyJump = "mathw0e";
+ proxyCommand = autosshProxy "mathw0e";
 user = "root";
 extraOptions = {
 PasswordAuthentication = "yes";
@@ -356,7 +371,7 @@ in {
 };
 "vrt-kvm02" =
 { hostname = "vrt-kvm02";
- proxyJump = "mathw0e";
+ proxyCommand = autosshProxy "mathw0e";
 user = "root";
 extraOptions = {
 PasswordAuthentication = "yes";
@@ -365,7 +380,7 @@ in {
 };
 "vrt-kvm03" =
 { hostname = "vrt-kvm03";
- proxyJump = "mathw0e";
+ proxyCommand = autosshProxy "mathw0e";
 user = "root";
 extraOptions = {
 PasswordAuthentication = "yes";
@@ -374,7 +389,7 @@ in {
 };
 "vrt-kvm01" =
 { hostname = "vrt-kvm01";
- proxyJump = "mathw0e";
+ proxyCommand = autosshProxy "mathw0e";
 user = "root";
 extraOptions = {
 PasswordAuthentication = "yes";
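Review bot: The loopback SOCKS listener that `vrt-kvm06` now connects through has no authentication of its own, so while the tunnel is up any local process on this machine can reach the hosts behind it, which `proxyJump = "mathw0e"` did not allow without authenticating on mathw0e. Since these entries log in as root with `PasswordAuthentication = "yes"`, that leaves the target's own login as the only check. The same applies to the `vrt-kvm05`, `vrt-kvm04`, `vrt-kvm02`, `vrt-kvm03` and `vrt-kvm01` hunks and to the `nas*` hunk at the end of the patch. If the trade-off is intended, say so next to `autosshProxy`, e.g. `# loopback SOCKS port is unauthenticated: usable by any local process while the tunnel is up`. Each entry's `extraOptions` block continues outside its hunk.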
@@ -383,31 +398,31 @@ in {
 };
 "tts-www01" =
 { hostname = "tts-www01.mathinst.loc";
- proxyCommand = autosshProxy 8122;
+ proxyCommand = autosshProxy "mathw0h";
 user = "root";
 };
 "vpn-wg01" =
 { hostname = "vpn-wg01.mathinst.loc";
- proxyCommand = autosshProxy 8122;
+ proxyCommand = autosshProxy "mathw0h";
 user = "root";
 };
 "repo-apt01" =
 { hostname = "repo-apt01.mathinst.loc";
- proxyCommand = autosshProxy 8122;
+ proxyCommand = autosshProxy "mathw0h";
 user = "root";
 };
 "ldap-lmumr01" =
 { hostname = "ldap-lmumr01.mathinst.loc";
- proxyCommand = autosshProxy 8122;
+ proxyCommand = autosshProxy "mathw0h";
 user = "root";
 };
 "mail-mi01" =
 { hostname = "mail-mi01.mathinst.loc";
- proxyCommand = autosshProxy 8122;
+ proxyCommand = autosshProxy "mathw0h";
 };
 "mail-www02" =
 { hostname = "mail-www02.mathinst.loc";
- proxyCommand = autosshProxy 8122;
+ proxyCommand = autosshProxy "mathw0h";
 };
 "dpl-fai01" =
 { hostname = "dpl-fai01.mathinst.loc";
@@ -415,7 +430,7 @@ in {
 };
 "math05" =
 { hostname = "math05.mathinst.loc";
- proxyCommand = autosshProxy 8122;
+ proxyCommand = autosshProxy "mathw0h";
 extraOptions.KexAlgorithms = "+diffie-hellman-group1-sha1";
 };
 "switch01" =
@@ -441,20 +456,20 @@ in {
 };
 "www-mi01" =
 { hostname = "www-mi01.mathinst.loc";
- proxyCommand = autosshProxy 8122;
+ proxyCommand = autosshProxy "mathw0h";
 };
 "cip04" =
 { hostname = "cip04.cipmath.loc";
- proxyCommand = autosshProxy 8122;
+ proxyCommand = autosshProxy "mathw0h";
 };
 "mgmt-cls01" =
 { user = "root";
 hostname = "mgmt-cls01.cipmath.loc";
- proxyCommand = autosshProxy 8118;
+ proxyCommand = autosshProxy "ssh.math.lmu.de";
 };
 "mgmt01" =
 { hostname = "mgmt01.mathinst.loc";
- proxyCommand = autosshProxy 8122;
+ proxyCommand = autosshProxy "mathw0h";
 user = "root";
 };
 "ssh-lb01" =
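Review bot: The `math05` entry in the `@@ -415,7` hunk enables `+diffie-hellman-group1-sha1` without a comment saying why. That key exchange relies on a 1024-bit group and SHA-1 and is off by default in current OpenSSH, so the exception should be documented and kept scoped to this one host. The line is context rather than part of this change, but a comment stating the reason and the condition for removing it would fit here while the entry is being touched.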
@@ -473,17 +488,17 @@ in {
 "rdlx02" = { hostname = "rdlx02.mathinst.loc"; proxyJump = "mgmt01"; };
 "math0d" =
 { hostname = "math0d.mathinst.loc";
- proxyCommand = autosshProxy 8122;
+ proxyCommand = autosshProxy "mathw0h";
 };
 "dhcp01" =
 { hostname = "dhcp01.mathinst.loc";
 user = "root";
- proxyCommand = autosshProxy 8122;
+ proxyCommand = autosshProxy "mathw0h";
 };
 "dhcp02" =
 { hostname = "dhcp02.mathinst.loc";
 user = "root";
- proxyCommand = autosshProxy 8122;
+ proxyCommand = autosshProxy "mathw0h";
 };
 "cc-gpu-l01" =
 { hostname = "cc-gpu-l01.mathinst.loc";
@@ -548,7 +563,7 @@ in {
 user = "root";
 };
 "nas*" =
- { proxyJump = "mathw0e";
+ { proxyCommand = autosshProxy "mathw0e";
 user = "admin";
 extraOptions = {
 PasswordAuthentication = "yes";
-- 
cgit v1.2.3